IN THE CLAIMS: 



1. (canceled) 

2. (currently amended) A method for disclosing the identity of a message- 
originator program (D) to a message-receiver program (S), the method comprising: 

sending from said message-originator program (D) to said message receiver 
program (S) a message comprising a program-specific identifier (H(D)), which has been 
provided for said message-originator program (D) by means of an automatic operation 
of applying a hash function (TO to said message originator program in a trusted 
computing base (TCB) in which said trusted computing base applies said hash function 
to said message originator program in response to a request from said message 
originator program, the result of which hash function is said program-specific identifier, 
said program-specific identifier (H(D)) being verifiable at said message-receiver 
program (S) whether it is known to said message-receiver program (S). 

3. (currently amended) A method for verifying the identity of a message- 
originator program (D) by message-receiver program (S), the method comprising the 
steps of: 

providing a program-specific identifier (H(D)) for said message-originator 
program (D) by means of an automatic operation of applying a hash function (H) to said 
message originator program in a trusted computing base (TCB), in which said trusted 
computing base applies said hash function to said message originator program in 
response to a request from said message originator program, the result of which hash 
function is said program-specific identifier: 
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sending from said message-originator program (D) to said message-receiver 
program (S) a message comprising said program-specific identifier (H(D)), 
receiving at said message-receiving program (S) said message; and 
verifying whether said received program-specific identifier (H(D)) is known to said 
message-receiver program (S). 

4. (Currently amended) Method according to claim + 3, wherein the message-receiver 
program afterwards becomes a response message-originator program and sends a 
response message to the message-originator program comprising: 

a response-program-specific identifier (H(S))> which has been provided for said 
response-message originator program by means of the trusted computing base (TCB); 
and 

an acknowledgment of the program-specific identifier (H(D)) has been verified 
as being known. 

5. (canceled) 

6. (Canceled) 

7. (currently amended) Method according to claim + 3, wherein the message 
further comprises an additional program-specific identifier (H(G)) that is signed by use 
of the a private cryptographic key (k 1 ) acceptable to said message receiver program to 
establish a membership of an additional program in a trust relationship , in which said 
private cryptographic key is supplied bv a helper program that is known to said 
message-receiver program and knows said message originator program: and 



- 3 - 



said hel per program receives an additional p rivate kev and an additional program 
specific identifier from said addit ional program; 



said hel per program verifies that said addit ional program is known to it; and 

said helper program sends said additional private kev a nd additional program 
specific identifier to said message receiver program; 

said message receiver program adds said additiona l private kev and additional 
program specific identifier to a stored list of known program specific identifiers, 
whereby said additional program is added to sa id trust relationship. 

8. (Canceled) 

9. (canceled) 

10. (canceled) 

1 1 . (Currently amended) Method according to claim ir 3 , wherein the message- 
originator program (D) and the message-receiver program (S) are executed on different 
systems and are connectable via a network, each having its trusted computing base 
(TCB) for providing program-specific cryptographic identifiers. 

12. (currently amended) A computer program comprising program code means for 
performing the steps of claim * 3, when said program is run on a computer. 
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13. (currently amended) A computer program product comprising program code 
means stored on a computer readable medium for performing the method of claim * 3, 
when said program product is run on a computer. 

14. (currently amended) An apparatus for verifying the identity of a message- 
originator program (D) by a message-receiver program (S) on a computer, the apparatus 
comprising: 

computing means; 

a receive module for receiving from said message-originator program (D) a 
message comprising a program-specific identifier (H(D)), which has been provided for 
said message-originator program (D) by means of a trusted computing base (TCB), and 

a verifier-module that verifies whether said program-specific identifier (H(D)) is 
known to said message-receiver program (S). 

15. (canceled) 

16. (new) A method according to claim 7, in which said helper program is invoked 
after said message originator program has been rejected by said message receiver 
program. 

1 7. (new) A method according to claim 7, in which said helper program is invoked 
to perform a computation function. 

1 8 (new) A method according to claim 16, in which said helper program is 
invoked said message originator program without human intervention. 
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1 9 (new) A method according to claim 1 7, in which said helper program is 
invoked said message originator program without human intervention. 
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